04:51P FR0f1:James D. Leimbach, R 5^3819983' 



TO:l?038?E9306 



P:3^13 



IN THE SPCTFIC AHON 

Please amend the paragraph beginning on page 1 , line 1 5 to the foUowiog: 
A method as mentioned above is disclosed in "Specification of the 
Bluetooth System", vl.OB, Dec, 1, 1999, Specification Volume 1 (Core), Part B, 
Baseband Specification (More inft>nmtion on Bluetooth BLUETOOTH can be 
found on http:/Avww.bluetootfa.com). In this Specification the B luetooth 
B_LUET(X)TH link encryption is standardized. This link encryption is based on a 
symmetric cryptographic algorithm. The cryptogmphic keys as used in this 
algorithm are derived from a consumer device TD and an auttientication process. 
An authentication process is a process which is used by a consumer device to 
prove to another consumer device that it is actually the device it tells it is. The 
authentication process as performed in fte Bluetooth BLUETOOTH link 
encryption is designed to provide user privacy when the user commumcatcs 
between two of his two devices. This is achieved m die following way: the user 
chooses which dt5vice(s) he trust and brings 'in close contact' his user device and 
another consumer device. These two devices must share a common ciyptographic 
secret Tt is the user's responsibility that no eavesdropper can tap into the 
exchange of messages and modify the message content. Another authentication 
session is performed m the Bluetptith BLUETOOTH link encryption when the 
user diooscs a PIN code in order to ensure that no unauthorized per^n can use 
his Bluoiooth BLUETOOTH device(s). The PIN code is used here to authenticate 
the user. 

Please amend the paragraph beginning on page 2, line 9 to the 

following: 

It is clear that vAi&i using the Bhiotooth BLUETOOTH link encryption 
the user of the devices chooses which device he trusts. This link encryption is 
therefore not suitable in the situation in which the user is not trusted and can not 
be asked to play the role of trusted authority. This is, for example^ relevant in the 
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case where it must be prohibited that ib& user can attach to the device and copy or 
get access to content, stored on this device, illegally 

Please amend the paragraph beginning on page 2, line 19 to the following: 
In order to achieve this object, the method in accordance with the 
invention is chsECterzz^ in Hiat the method further comprises the step of: 

Please amend the paragraph begmning on page 2, line 24 to the following: 
The invention is based on the recognition that the purity requirements 
for suitable content protection measure:^ differ essentially from the security 
requirements for suitable user privacy protection measure as for example 
implemenled in the Bhieto o ih BLUETOOTH link encryption. As slated above, 
this kind of link encryption is not suited for content protection as Ae user is not 
trusted and can not be asked to play the role of trusted authority. Content 
protection is^ for instance, used when data is digitally transfcrr^ from a sending 
device to a receiving device to ensure that only an authorized receiving device is 
able to process or render the content. 



Please amend the paragn^h beginning on page 3, line 7 to the following: 
The invention has as an additional advantage that the method according to 
the invention can be introduced while maintainmg functionality if older consumer 
devices are used. This is for exainple hnportant if the link encryption accordmg to 
the Bfaeteefe BLUETOOTH speciticatioti is used, as, widiin Ihe Slwtooth 
BLtJETOOTH consoriiurTL, interoperability is regarded as an essential feature. 
Moreover it provides interpperability between compliant and non-compliant 
consumer devices. Compliant coDSumer devices are devices that can fi^odf prove 
to each other that they know a secret that is only made available to devices which, 
have been certified to adhere to predefined content and/or copy protection rules. 
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Please amend the paragraph beginaing on page S» line 1 to the following: 
After activating a data communication link between consumer devices 1 
and 2 (not shown), two independent authentication sessiion^ 3 and 4, each 
comprising key generation, are performed between the consumer devices 1 and 2. 
The first authentication session 3 serves the purpose of protecting the users 
privacy, and is identical to the key set up already used in BluBtoolfa BLUErOOTH - 

Please amend the paragraph begiiming on page 5, line 6 to the following: 
This Bhietoolfa BLUETOCnH technology provides peer-to-peer 
communication over a relatively short distance of approximately ten meters. TTie 
system provides secwity measures both at the application layer and at the link 
layer. The link layer security measures arc described in Chapter 14 of the 
Baseband Specification mentioned before. This chapter describes tfie way In 
which authentication takes place between aHgteefa BIIJETCXjrH devices and the 
generation of keys that can be used for encryption/decryption purposes. Four 
different entities are used for maintaining security at the link layer: a public 
address which is unique for each user (the 48^bit IEEE Btaeteefa BLUEIOaiH 
device address, BD_ADDR), a private user key for authentication, a private user 
key for encryption and a random number (RAND) of 128 bits. The encryption 
key can be used for content protection. The random number is different for each 
new transaction. The private keys are derived during initializatioa and are further 
never disclosed. Normally, the encryption key is derived from the authentication 
key during the authentication process. For the authentication algorithm^ the size 
of the key used is always 128 bits* For tlic encryption algoritiim, the key size may 
vary between 1 and 16 octets (8^128 bits). The size of the encryption key is 
configurable, among others to meet the many different requirements imposed on 
cryptographic algorithms in different countrie^-both with respect to export 
regulations and authority attitudes towards privacy in general. The encryption key 
is entirely different from the authentication key (even though the latter is used 
when creating the former). Each time encryption is activated a new encryption 
key shall be generated. Thus, the lifetime of the encryption key does not 
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neces3arily coirespoad to tfae lifetime of the authentication key. It is anticipated 
that the authcatication key will be moie static to its namre tban the encryption 
key— once established the particular application running on the Bha e toodi 
BLUEIOOIH device decides when, or if, to change it To und^lme the 
fundamental iiiq>ortance of (he authenticatioD key to a specific Bhiotootti 
BLUEPOOTH link, it will often be referred to as link key. The RAMD is a random 
mimber that can be derived fcom a random or pseudo-nuadom process in the 
Bhotootfa BLUglQQTK unit. This is not a static parameter, it will change 
frequently . It is in the interest of a user to ensure that no unauthoiized person con 
use his Blu e tooth BUJETOOIH devicefs^ For this reason, die user may choose a 
FIN code. As such, a us/er may be expected to use the Bk ie to e lh BLUJEKXJIH 
system as intended for purposes which, few- instance, involve privacy. 

Please amend the paragraph beginning on page 8, line 4 to the following: 
- Compliant content source with SDMI content and compliant receivuig 

device: 

According to tfae recent SDMI Specification, SDMI content is allowed to be sent 
over links that are protected. As the j^ieteefe BUJEIIOOTH specification defines a 
secure link encryption system, Bluctpofli BLUEIDOIH can be used to send SDMI 
content High quality content can be used if the consumer devices is used are 
compliant, limited quality content can be used if at least one of the consumer 
devices is noti-compliant. 

Please amend the paragraph beginning on page 8, line 1 1 to the following: 
In FIG. 2 a furst practical unplementation of the method according to the 
invention is shown. In this example the method is used in a communication 
system comprising a music installation 14 and a portable CD-player 15 and the 
user of the portable CD-player wishes to download some content stored in the 
music instaUatLon. After activating a data communication link between tfae 
devices* for example by using Bluetooth pLUETOOIH link encryption, a first 
authentication session 16 is performed between these two consumer devices. In 
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tliis authentication session the music inghillation proves to the u$er of the portable 
CD-player that it is the conjumer device the user wishes to download music from 
and tlie portable CD-playcr authenticates itself to *e music installation as a 
portable CD-p)ayer. Next, a second authentication sessicHi 17 is performed 
between these two consumer devices. In this authentication session the portable 
CD-player proves to the music installation that the portable CD-player is allowed 
to download the content, i.e. it must prove it is compliant and the music 
installation authenticates itself to the portable CD-player. If bodi auth^tication 
sessions are successful* the key-merge block used for decrypting the encrypted 
content fi:om the music installation is generated and the music can be downloaded 
to the portable C[>-playen 

Please amend the paragraph beginning on page 8, line 1 1 to the following: 
It must be noted that, aKhough the embodiments are directed to use in the 
Bbrtaetfi BLUETOOTH specification, the mvention is not limited to the Bbe«9e& 
BLUETTQCnH link encryption. Also the DECT security standard can be used in 
^e method for secure data corrmiunicatioo aocordiog to the invention. The 
invention is also not limited to wireless data communication, but can also be used 
in noit-wireless ways of data communication* for example the Internet. 
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